| With the rapid development of China’s economy and society,the demand for industrial and residential electricity has significantly increased.The traditional power grid is developing into a new type of smart grid with high voltage,large capacity and large scale,and society’s demand for safe,economical and reliable operation of the power grid is increasing.The power dispatching automation system is a huge Cyber-Physical System,which integrates real-time monitoring,scheduling control and security analysis of the power grid.Once it fails,it will bring great harm to the stability of the power grid.The system’s operation data is collected by the SCADA system in the form of multi-dimensional time series,and the operators can analyse the status of the businesses running on the system based on this data.As the businesses continue to upgrade,the traditional anomaly detection methods that set fixed thresholds based on expert experience are no longer to handle the increasingly complex anomaly patterns of these businesses.In addition,due to the complexity of the coupling relationships in the system,once a component fails,the fault will propagate rapidly and lead to a large-scale alarm.In the absence of logical topology relationships,large-scale alarms greatly increase the difficulty of troubleshooting for operators and pose a huge risk to the grid.The power dispatching automation system runs smoothly most of the time,resulting in anomalies being relatively rare,and business anomalies are usually caused by abnormal behaviors of the underlying components.Therefore,in order to address the problems such as difficulty in detecting multiple types of anomalies and difficulty in using the correlation information between components to build a model,this paper investigates business anomaly detection methods from an unsupervised perspective.In addition,this paper also studies data-driven fault tracing methods to address the difficulty of accurately locating the root cause of mass alarms in the absence of logical topology relationships.The main work is as follows:(1)The business anomaly detection method under the condition of multiple anomaly patterns is studied.A time series anomaly detection method based on multi-scale feature extraction and probabilistic anomaly score is proposed to address the two problems:existing methods are difficult to accurately capture the overall and local features of time series data from multiple scales and difficult to resist noise interference in complex environments.In order to accurately identify the multiple types of anomalies that occur in the business,a parallel multi-scale feature extraction module is designed to capture the overall characteristics and detailed features of time series data.In order to improve the robustness of the model,different levels of noise are introduced for the input data,and the denoising criterion is applied during the training process to force the model to learn generalized features.In addition,to reduce the adverse effects of external interference on performance,an anomaly score based on reconstruction probability is designed so that the model can focus more on the confidence of each reconstruction result rather than the exact value.(2)The business anomaly detection method considering correlation dependencies is studied.Since the components supporting the same business function have complex relationships,business anomalies are often accompanied by changes in the association relationships between components.Most existing methods have difficulty in effectively using such spatial correlation information for anomaly detection.A graph convolutional time series anomaly detection method based on the fusion of explicit and implicit dependencies is proposed to detect and interpret the abnormal events.First,this method captures explicit and implicit dependencies between components through two association relationship extraction modules,respectively.The implicit association relationship extraction module is based on a multi-head self-attention mechanism,and the explicit relationship extraction module is based on an improved cosine similarity.Then,the multi-angle dependency graphs are fused to obtain the association fusion graph.Finally,the time series data and the fusion graph are fed together into the graph convolution autoencoder to reconstruct the original sequence,and anomaly detection is performed based on the reconstruction error.(3)The fault tracing method considering the change of association patterns between components is studied.Aiming at the difficulty of accurately locating the fault source from large-scale abnormal alarms when the logical topology relationship is unknown,a fault tracing method based on the change of causal relationship is proposed.Traditional rule-based fault tracing methods require explicit topology or expert knowledge for causal relationship modeling.At the same time,the dynamically changing business functions in large-scale Cyber-Physical Systems make it challenging to obtain the exact logical topology.In order to address this issue,the proposed method models the causal links based on convergent cross mapping from a data-driven perspective.Then it uses the change in causal relationships as one of the metrics to measure the degree of component failure.Since the coupling between components accomplishing the same business function is tighter and the coupling between other components is weaker,the causal graph is divided into communities to measure the degree of local anomalies of components.In addition,the proposed method also combines the variation of the component operating mode when fitting the final fault degree index to obtain a more accurate fault tracing result. |
PDF Full Text Request